XBRL Audit Issues
Download
Report
Transcript XBRL Audit Issues
XBRL Audit Issues
eXtensible Audits
Presenter John Ryan
Available at
http://www.ryannetworks.com
Topic Outline
XBRL Overview
Easing
Financial Reporting
Red Flags for Accountants and
Investors
Auditor’s New Roles
Sarbanes-Oxley 404 issues
XBRL Overview
History
Goals
Outlook
Looking
Deeper
Examples
History
Started
as AICPA project
Adopted by w3c
Creation of XBRL.org
Accepted by Microsoft, SEC
Goals
Common
Language
To reduce filing burdens
Napster for accountants
Lower the cost of finance depts.
The XBRL GL was created to
meet these goals:
Multi-GAAP, drill-up to multi-XBRL reporting
taxonomies.
Standard format for 3rd-party software to
create journal entries to pull into client GL
system.
Standard format to move unposted and
posted GL information back and forth from
branch offices to consolidating systems,
budgeting and forecasting tools, reporting
tools.
Goals Cont.
Standard format to upload general ledger
information as well as payables and
receivables master files and open balances in
migrating from one system to another or
moving information to or from an Internet
Application Service Provider (ASP).
Standard format to move information from
client systems to CPA/CA.
Standard format to move information from
one CPA/CA system (e.g., write-up) to
another (e.g., tax) in an international context.
Goals Cont…
Standard format to represent open receivables, open
payables, inventory balances, and other asset-based
measures for sharing with banks.
Tool for representing detail drill-down for performance
measurement reporting items.
Extensible for any type of mandatory audit trail.
Extensible for meeting any "sub-ledger" need.
Designed as XBRL spec-compliant but for easy
translation to other uses; cannot assume that XBRL
period, entity, unit and other context (numeric,
nonnumeric) will automatically be there.
Outlook
Adoption
by Microsoft, and the SEC
(Edgar Online)
Adoption by 100% of major accounting
packages, Oracle, Peoplesoft, SAS…
Still Immature (SEC XBRL filings are
hidden inside .gif files to avoid rejection)
Thousands of Dollars problem
Instance Document Creation
Blast Radius (XMetal)
CaseWare International
Creative Solutions
Fujitsu
Hitachi Systems and Services
Microsoft Business Solutions
Semansys Technologies
Ubmatrix
Taxonomy Creation
Fujitsu
Hitachi
Systems and Services
Semansys
Ubmatrix
XBRL Validation
DecisionSoft
J2R
Fujitsu
Semansys
UBmatrix
Technologies
Easing Financial Reporting
Agreement
on Terms
Create One Data Set
Distribute
multiple forms
Agreeing On Terms – Context
Word
Context
Meaning
Mercury
Astronomy Planet
Mercury
Greek
God
Mercury
Chemistry
Element
Mercury
Music
Company
Mercury
Auto
Car
Mercury
Aerospace Rocket
XBRL is XML – The Absolute
Beginners Guide to XML
<!-- The original html recipe -->
<HTML>
<HEAD>
<TITLE>Lime Jello Marshmallow Cottage Cheese Surprise</TITLE>
</HEAD>
<BODY>
<H3>Lime Jello Marshmallow Cottage Cheese Surprise</H3>
My grandma's favorite (may she rest in peace).
<H4>Ingredients</H4>
<TABLE BORDER="1">
<TR BGCOLOR="#308030"><TH>Qty</TH><TH>Units</TH><TH>Item</TH></TR>
<TR><TD>1</TD><TD>box</TD><TD>lime gelatin</TD></TR>
<TR><TD>500</TD><TD>g</TD><TD>multicolored tiny marshmallows</TD></TR>
<TR><TD>500</TD><TD>ml</TD><TD>cottage cheese</TD></TR>
<TR><TD></TD><TD>dash</TD><TD>Tabasco sauce (optional)</TD></TR>
</TABLE>
<P>
<H4>Instructions</H4>
<OL>
<LI>Prepare lime gelatin according to package instructions...</LI>
<!-- and so on -->
</BODY>
</HTML>
Now in XML
<?xml version="1.0"?>
<Recipe>
<Name>Lime Jello Marshmallow Cottage
Cheese Surprise</Name>
<Description>
My grandma's favorite (may she rest in
peace).
<Ingredient>
<Qty unit="ml">500</Qty>
<Item>Cottage cheese</Item>
</Ingredient>
<Ingredient>
<Qty unit="dash"/>
<Item optional="1">Tabasco sauce</Item>
</Description>
</Ingredient>
<Ingredients>
</Ingredients>
<Ingredient>
<Instructions>
<Qty unit="box">1</Qty>
<Item>lime gelatin</Item>
<Step>
Prepare lime gelatin according to package instructions
</Ingredient>
</Step>
<Ingredient>
<!-- And so on... -->
<Qty unit="g">500</Qty>
<Item>multicolored tiny
marshmallows</Item>
</Ingredient>
</Instructions>
</Recipe>
A Markup
<!ELEMENT Ingredients (Ingredient)*>
<!ELEMENT Ingredient (Qty, Item)>
<!-- This is the example DTD
<!ELEMENT Qty (#PCDATA)>
for the example XML -->
<!ELEMENT Recipe (Name, <!ATTLIST Qty unit CDATA
Description?, Ingredients?, #REQUIRED>
Instructions?)>
<!ELEMENT Item (#PCDATA)>
<!ELEMENT Name
(#PCDATA)>
<!ATTLIST Item optional CDATA "0"
<!ELEMENT Description
(#PCDATA)>
"true">
isVegetarian CDATA
<!ELEMENT Instructions (Step)+>
<BODY>
XSL
<?xml version="1.0"?>
<H3>
<xsl:value-of select="Name"/>
</H3>
<xsl:stylesheet
xmlns:xsl="http://www.w3.org/TR/WD-xsl">
<STRONG>
<xsl:template match="/Recipe">
<xsl:value-of
select="Description"/>
<HTML>
<HEAD>
</STRONG>
<TITLE>
<xsl:apply-templates/>
<xsl:value-of select="Name"/>
</BODY>
</TITLE>
</HTML>
</HEAD>
</xsl:template>
XBRL Concept
There are two components
that we can consider: an
XBRL instance and its
associated taxonomy set.
While the XBRL instance
contains the concrete facts
(e.g., the value of the
business concept
"sales_per_share") being
reported, the
taxonomy contains descriptions of the business concepts (e.g., the
description of the business concept "sales_per_ share", what its
syntax is, how it is calculated, etc.) that are being reported.
Example XBRL
<ifrs-gp:AssetsHeldSale
contextRef=“Current_AsOf”
unitRef=“U-Euros” Decimals=“0”>
100000 </ifrs-gp:AssetsHeldSale>
Taxonomies
Approved
Taxonomies comply with
official guidelines for the taxonomy and
with the XBRL Specification
Acknowledged Taxonomies meet the
XBRL Specification only
Private Taxonomies have no
requirements
Link Base – Five Links in Three
Categories
Label
links (labelLink)
Reference links (referenceLink)
Relation links (calculationLink,
definitionLink, presentationLink)
Label And Ref Links
Label and reference links
relate business concepts
to metadata. For instance,
label links can associate
concepts with text strings
that can be used to label
(or otherwise document)
the concept in a report
(e.g., the label "Revenues in most recent quarter" for the item
revenueMRQ defined in the taxonomy). Multiple labels can be
defined for a single business concept in different languages. The
XBRL instance author can decide which labels to use for that
particular instance.
Labels used for Authority
Similarly, reference links can associate references to
authoritative literature in the business domain. The
mechanism used is similar to the label links in that you define
a reference link with a locator for the business concept, one
or more references to documentation, and a referenceArc
defining the association between the locator and the
reference(s).
Links For Calculations
In contrast to label and reference links that relate business
concepts to metadata, relation links relate business concepts
to other business concepts. For example, calculation links
define how a given concept figures in the calculation of
another business concept. For example, the concept
"profitAfterTax" is calculated from the concepts
"profitBeforeTax" and "taxPaid" by subtracting one from the
other.
profitAfterTax = weight(1) * profitBeforeTax + weight(1)*taxPaid
More About Links
The relationship between these
three business concepts is
captured in the calculationLink in
Figure 3.
Definition links describe several
types of relationships among
business concepts, such as
generalization-specialization
relationships (e.g., "postalCode" is a generalization of "zipCode")
among others. Presentation links, as the name implies, define the
relationships between concepts from a presentation perspective (e.g.,
in the presentation of the report, a parent/child relationship should be
shown between "sales" and "printerSales").
Sample XBRL Application
Index of Taxonomies
Jurisdiction
Taxonomy
Spec
Level
Status
Australia
GAAP Commercial and Industrial
2.0
-
-
Canada
GAAP Primary Financial Statements
2.0
Ack
Draft
Germany
AP Commercial and Industrial
2.0
Ack
Draft
IASB
IFRS General Purpose
2.1
Ack
Draft
Korea
GAAP Primary Financial Statements
2.0
Ack
Draft
New Zealand
GAAP Commercial and Industrial
2.1
Ack
Draft
UK
GAAP Commercial and Industrial
2.1
Ack
Draft
Inland Revenue – Corporation Tax
2.1
-
-
US FR Taxonomy Framework
2.1
Ack
Draft
GAAP Commercial and Industrial
2.0
Ack
Draft
GAAP – Banking and Savings
Institutions
2.0
US
Red Flags
Easy
shifting of data between
accounting models
Quick and Dirty Ratio Testing
Non-Audit Fees and Bond Rating
Effects of Financial Leverage
on ROE
Assume
cost of debt is 8% and total
assets = $100
EBIT = earnings before interest and
taxes
EBT = earnings before taxesROE =
return on equity
Tax Rate = 50%. Assume losses result
in tax credit
Panel A 0% Leverage
Rates of return on
assets
0%
4%
8%
12%
16%
$0.00
$4.00
$8.00
$12.00
$16.00
0
0
0
0
0
EBT
Taxes
$0.00
0
$4.00
2
$8.00
4
$12.00
6
$16.00
8
Earnings avail com eq
$0.00
$2.00
$4.00
$6.00
$8.00
0.00%
2.00%
4.00%
6.00%
8.00%
EBIT
Interest Expense
ROE
Panel B 25% Leverage
ROA
0%
4%
8%
12%
16%
EBIT
$0.00
$4.00
$8.00
$12.00
$16.00
-2
-2
-2
-2
-2
EBT
Taxes
Earnings avail com
eq
($2.00)
-1
$2.00
1
$6.00
3
$10.00
5
$14.00
7
($1.00)
$1.00
$3.00
$5.00
$7.00
ROE
-1.30%
1.30%
4.00%
6.70%
9.30%
Interest Expense
Panel C 50% Leverage
ROA
0%
4%
8%
12%
16%
EBIT
$0.00
$4.00
$8.00
$12.00
$16.00
-4
-4
4
4
4
($4.00)
$0.00
$12.00
$16.00
$20.00
-2
0
6
8
10
Earnings avail com eq
($2.00)
$0.00
$6.00
$8.00
$10.00
ROE
-2.00%
0.00%
4.00%
8.00%
12.00%
Interest Expense
EBT
Taxes
Panel D 75% Leverage
ROA
0%
4%
8%
12%
16%
EBIT
$0.00
$4.00
$8.00
$12.00
$16.00
-6
-6
-6
-6
-6
($6.00)
($2.00)
$2.00
$6.00
$10.00
-3
-1
1
3
5
($3.00)
($1.00)
$1.00
$3.00
$5.00
-12.00%
-4.00%
4.00%
12.00%
20.00%
Interest Expense
EBT
Taxes
Earnings avail com eq
ROE
Risk
Capital Markets
Security Markets
Expected Returns
Expected Returns
E(Risk)
Ris(free)
E(Risk)
Ris(free)
Sigma
Beta
Horrigan Bond Rating Model
Z=(1.197 x X0) + (.034 x X1) + (.272 x X2) –
(.501 x X3) + (4.519 x X4) – (.203 x X5)
X0 1 or (0) if the bond is un-subordinated
(subordinated)
X1 = Total Assets
X2 = Common equities / total debt
X3 = Working capital /sales
X4 = Operating profit / sales
X5 = Sales / stockholders’ equity
Ratings
AAA
AA
A
BBB
BB
B
or Lower
2.855 < Z
2.094 < Z < 2.855
1.062 < Z < 2.094
0.838 < Z < 1.062
0.360 < Z < 0.838
Z < 0.360
Non-Audit Fees and Bond Rating –
AaronCrabtreePresentation at www.bus.lsu.edu
Recent accounting scandals and perceived audit failures have
resulted in excessive criticism of the accounting and auditing
professions. […] Our research investigates one aspect of this
situation by exploring the effects that non-audit services performed
by a firm s external auditors have on perceived auditor
independence in the bond market. Specifically, we analyze the
effects that the magnitude and relative degree of non-audit services
have on the bond rating process. Regression results indicate that the
amount of non-audit services provided by a firm s external auditors is
negatively associated with that client s bond rating. […] provide
empirical evidence regarding the role that audit and non-audit
service fees play in establishing a firm s bond rating.
Trouncing the DOW Pension
Fund (by Kenneth Lee)
Uses
Ratios do determine Buy and Sell
Points
Good Track Record based on ROE vs
price movements (28% avg annual
return from 1973-1996.)
In 2001 Buys Coca-Cola because ROE
is up 50% but price is not
Coke Misbehaves
Stephen Taub, CFO.com - January 16, 2004
The Coca-Cola Co. announced that the Securities and Exchange
Commission has launched a formal investigation of the soft-drink
giant.
The probe stems from allegations made by former finance
manager and whistle-blower Matthew Whitley, who sought a $44.4
million settlement from the company on the grounds that he had
been fired in retaliation for raising concerns about accounting
fraud….
Coke Admits Misbehavior
Atlanta Journal 6/18/03
Coca-Cola admitted Tuesday that a high-level employee faked
[…] a written apology from Coke's president and chief operating
officer.
The extraordinary exchange highlighted a day in which Coke
admitted to some -- but not all -- of the allegations raised by a
former employee, Matthew Whitley. […] wasn't told about the
deception when Coke discovered it in 2001. Fisher was fined, but
he kept his job and even was promoted. He no longer works for
Coke.
The Cause ?
Coke's largest shareholder, Warren Buffett, has argued that the
existence of stock options has induced many executives to doctor
financial reports in order to inflate the price of company shares.
Enron executives, for example, received tens of millions of dollars
by cashing in stock options while their company's financial
statements showed false information.
"I think accounting generally, in recent years, has deteriorated and
it's done so with the help of management," said Mr. Buffett, who is
a member of the boards of directors of Coca-Cola and The
Washington Post.
My Investment went Ouch! –
The Cure
Sarbanes-Oxley
Continuous,
timely auditing
Transparency
Separation of Auditors & Consultants
XBRL
Could XBRL help predict this?
MINI – Minority Interest Net
Income
Exibit 1 Financial Statement of CocaCoal (CCE - in Millions of Dollars
Panel A: Income Statement for the Year ending December 31 2001
Net Operating Revenues
Cost of Goods Sold
Gros Profit
SG&A Expenses
Operating Income
Interest Income
Interest Expense
Investment Income
Other Income
Minority Interest Net Icome
Income Before Taxes
Income Taxes
Net Income before Accounting Change
Cummulative Effect of Accounting Change
Net Income
Bottlers
Conslidated
Coke (Parent) (Subsidiary)
Entity
20,092.00
15,700.00
30,663.00
(6,044.00)
(9,740.00) (11,078.00)
14,048.00
5,960.00
19,585.00
(8,696.00)
(5,359.00) (13,632.00)
5,352.00
601.00
5,953.00
325.00
0.00
325.00
(289.00)
(753.00)
(1,042.00)
152.00
0.00
275.00
130.00
2.00
132.00
0.00
0.00
198.00
5,670.00
(150.00)
5,841.00
(1,691.00)
131.00
(1,560.00)
3,979.00
(19.00)
4,281.00
(10.00)
(302.00)
(312.00)
3,969.00
(321.00)
3,969.00
MINI is computed as the
shareholders interest in
the subsidiary’s income.
All other Items are simply
added. Note that the
Parent Income and the
consolidated income are
equal. Note that while
Coke (parent) is bigger
CCE’s interest expense is
greater. Suggesting Coke
is parking liabilities.
Consolidated Ratios
Financial Ratios of CocaCola Equity Method vs Consolidation
Financial Ratios
Equit
y
2001
Consolidate
d
2000
Equity
Consolidated
Current Ration
0.85
0.77
0.71
0.74
Debt to Equity
0.97
2.39
1.24
2.80
Debt to Tangible Equity
1.26
(8.21)
1.56
(7.29)
Debt to Assets
0.49
0.70
0.55
0.74
Debt to Tangible Assets
0.56
1.14
0.61
1.16
Gross Profit
0.70
0.64
0.69
0.63
Return On Sales
0.20
0.13
0.11
0.07
Return On Assets
0.18
0.09
0.10
0.05
Return on Tangb Assets
0.20
0.14
0.12
0.08
Return on Equity
0.35
0.30
0.23
0.20
Return on Tangb Equity
0.45
(1.04)
0.29
(0.52)
Times Interest Earned
20.62
6.61
8.60
3.82
5.73
6.45
5.82
6.55
10.90
9.06
11.32
9.73
LTD to Equity
0.11
0.88
0.09
1.02
LTD to Assets
0.05
0.26
0.04
0.27
Inventory Turnover
Receivables Turnover
Financial ratios show the
discrepancy between the
equity method and the
consolidated method.
All ratios are negatively
impacted. Financial
leverage is the hardest
hit. Debt to equity
Doubles, while debt to
tangible equity goes
negative. Return metrics
are also negatively
impacted
Other Bad Actors using Equity
Method
Enron
Boston
Chicken
Elan
WorldCom/Embratel
…
Other Methods of Debt Hiding
Lease Accounting
Lease Trouble at Delta and others
Banks get preferred Airplane lease rates
Recalculate Airline Debt using lease payments
and work backwards
Pension Accounting
Pension troubles at AMR, Delta, Avaya, Goodyear,
GM, Delphi, Navistar, and Ford
Restate the Pension debt at realistic interest rates
Debt matters including Pension Debt
University of Illinois – XBRL
Kirkwood Credit Analyzer
Ratio
Cmpq Dell
HP
IBM
AssetTurnover
1.53
2.75
1.26
1.01
CurrentRatio
1.17
1.48
1.51
1.09
DaysCOGSInventory
24.24
5.96
57.91 32.58
[…]
Earnings Manipulation Probablity: 0.38% 0.36% 0.17% 0.80%
Issues for XBRL
Taxonomy
Select
Selection Issues
One or More Taxonomies
Implementation
Must
Poor
Map Data Elements to Labels
Flexibility
XBRL
No
Issues
is Flat
Security
Auditor’s New Roles
XBRL Validation
Round
Tripping
Source verification
Instance verification
Completeness verification
XBRL Validation
Roundtripping
Two Validation Levels
Level I – Well Formed – valid XML
Level II – Valid – tests the schema for this (XBRL
document
Still need to test for application conformance
XSLT generation from multiple Instances
Round Tripping
Roundtripping takes a document from its original form (e.g. XHTML)
then translates it to another form (e.g. XBRL), and returns it to its
original form.
Often this simple test will expose many flaws in an XBRL
implementation and is a quick auditor trick to validate the XBRL
generation process.
Source Verification
Workflow
Control
Points
Security
Horizontal
Vertical
Integrity, Authentication, Authority
Security
"The use of vertical XML standards in financial services is on
the rise. However, for XML standards such as MDDL, XBRL,
RIXML to achieve widespread adoption, robust security for
privacy, non-repudiation, trust and message integrity will be
critical," said Mary Knox, principle analyst, Financial Services at
Gartner. "Horizontal Web services standards like WS-Security,
XML Encryption, XML Digital Signatures and SAML are all key
enablers to the increased use of XML in financial services."
Supplementing with XML
Security
XML Security Suite is a tool that provides security features such
as digital signature, encryption, and access control for XML
documents. These features are beyond the capability of
transport-level security protocols such as Secure Sockets Layer
(SSL). The goals in creating this technology were to contribute to
standards development by providing sample implementations
and to supply advanced technologies to partners and developers
and to gather their input.
How it Works/Where to Get –
Commercial Software
Digital signature implementation based on
"XML-Signature Syntax and Processing" by
W3C/IETF
XML encryption implementation based on
"XML Encryption Syntax and Processing" by
W3C
XML Access Control Language and
implementation
http://alphaworks.ibm.com/nav/security?open
&c=security+-+Utilities
Keel Public Domain
Model: Service for interacting with application
or business logic.
Persistence: Service for managing storing
and retrieving object states and data.
Security: Service for managing security of
application, including authentication and
authorization.
Scheduling: Service for scheduling the
execution of the application's various
functionalities.
Crypto: Service for encryption of transmitted
application data.
Instance Verification
Just
because it is valid XBRL does not
mean
The
calculations follow GAAP
That the data is valid
That you have access to the data
That the Instance can be parsed by your
parser
Completeness Verification
Just
because it is XBRL does not mean
that all required fields are reported to
the correct agency
That all financial data made it into the
Instance
Consistency
Just
because it is XBRL doesn’t mean
that
Labels
aren’t overwritten in new an
incorrect ways
That the data was transmitted correctly
That a filter along the way did not remove
key data
Sarbanes-Oxley Requirement
Most public companies registered with the Securities and
Exchange Commission (SEC) will soon be subject to internal
controls reporting similar to the requirement imposed on the
large U.S. banks and other insured depository institutions
more than 10 years ago. Under Section 404 of the
Sarbanes-Oxley Act, most SEC registrants (other than
registered investment companies) must report annually on
the effectiveness of their internal controls, and their
independent auditors must attest to management?s
conclusions
SOX section 404
Sarbanes-Oxley 404 issues
More and Faster Reporting
More Internal Controls, More blackout
periods, more separation of duties etc.
IT departments responsible for security
Unprepared IT departments
Standard controls not defined for workflow
model
Workflow’s are not organizationally
understood
Example 404 Checklists
Checklist Cont.
Checklist Cont.
Checklist Cont.
Using Keel to Develop
Controls
Web
Based Control Checklist
App to implement, Test and Report
WorkFlow
Design
Field level Encryption
Signed wrappers
Keel Environment
Keel is ready made server side
infrastructure. Keel incorporates
multiple open source projects to
provide you with a best of breed
framework that works right out of
the box.
* Security layer
* Database abstraction layer
* Messaging layer
* Business logic layer
* User Interface layer
* Struts
* Cocoon
* Velocity
* Eclipse
Eclipse & Java
XBRL Audit Issues Summary
XBRL is XML with all that entails
XBRL can save your investments
XBRL is a powerful tool to allow auditors to
quickly perform audits
A lot of work needs to be done before these
systems are mature
Sarbanes-Oxley will further burden Auditors
with its IT knowledge requirements